DHS Ransomware Alert Issued

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency has issued another alert to the growing threat of ransomware. As businesses, townships and government agencies continue to get hit by ransomware, the need for protection has become a national concern.

There are numerous attacks occurring every month. Lake City recently shelled out nearly $500,000 to hackers so they could get their data back. And here in Florida, they’re not alone. The Riviera Beach City Council just had to pay $600,000 for access to their data after a similar attack.

This is happening on a regular basis across the country and around the world, prompting the DHS to recognize the trend as “the most visible cybersecurity risk playing out across US networks, locking up private sector organizations and government agencies alike.”

What Is Ransomware?

In a ransomware attack, a hacker gains access to an organization’s computer systems.

Typically, an unsuspecting employee clicks on an emailed attachment that appears to be a bill or other official document. In actuality, the attachment installs a malicious software program (malware) onto the computer system. Once embedded, the malware allows a hacker to access critical systems, often giving complete remote control data and access.

Ransomware Methodologies

Phishing

Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Virtually anyone on the internet has seen a phishing attack.

Phishing attacks are mass emails that request confidential information or credentials under pretenses, link to malicious websites or include malware as an attachment.

With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data or crucial information.

Web Browsers

They may seem like an obvious, old trick, but pop-ups are still causing problems.

Hackers have found vulnerabilities in many popular, modern browsers like Google Chrome and Mozilla Firefox. They spam users with official-looking pop-ups informing them of an “infection” or “security alert” prompting them to download a file or click a link.

That’s where the ransomware comes into play. As with so many of these methods, it just comes down to getting the user to interact with malware in some way without knowing it.

Out Of Date Hardware

Did you know that one of the most common ways that cybercriminals get into a network is through loopholes in popular software, applications, and programs?

Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes. Due to this, much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.

Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.

This is why it’s imperative that you keep your applications and systems up to date.

Unfortunately, most users find updates to be tedious and time-consuming and often opt to just click “Remind Me Later” instead of sitting through an often-inconvenient update process.

DHS Recommendations For Ransomware Protection

Implement this two-pronged approach to protect against ransomware:

Data Backup

If you have you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.

That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.

Be sure to:

Back up data on a regular basis (at least daily).

Inspect your backups to verify that they maintain their integrity.

Secure your backups and keep them independent from the networks and computers they are backing up.

Patch Management

You can’t afford to ignore software update notifications – but depending on your workload, you may have to. That’s where an IT company can help.

Software updates are not only to improve the functionality of the software; they also serve as a patch for recently identified vulnerabilities that can be exploited by hackers. Your IT company can handle the management of these updates to make sure that not a single one is ever skipped or delayed.